mario/odoo_vm_proxmox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent URL manipulation in portal for vps

Browse Source
This commit is contained in:
Mario
2024-08-05 00:01:31 +02:00
parent da325f0c79
commit 44a91358ff
6 changed files with 60 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ow_vm_management/models/vps_server.py
View File

@@ -1,5 +1,5 @@
from odoo import models, fields, api, _
from odoo.exceptions import UserError
from odoo.exceptions import UserError, AccessError
import requests
import urllib3
import ipaddress
@@ -89,6 +89,12 @@ class VPSServer(models.Model):
status = self._proxmox_request('GET', f'nodes/pve/{vm_type}/{vm_id}/status/current')
server.state = 'running' if status['data']['status'] == 'running' else 'stopped'
def check_access_rule(self, operation):
if self.env.user.has_group('base.group_portal'):
if operation != 'read' or self.customer_id != self.env.user.partner_id:
raise AccessError(_("You don't have access to this VPS server."))
return super(VPSServer, self).check_access_rule(operation)
def action_restart_from_portal(self):
self.ensure_one()
if self.env.user.partner_id != self.customer_id: